pnpm/.github/workflows/audit.yml

name: Audit

on:
  push:
    # Skip the redundant run on the merge queue's temporary
    # `gh-readonly-queue/**` branches; the pull_request run already covered it.
    branches-ignore:
      - 'gh-readonly-queue/**'
  pull_request:

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  audit:
    name: Audit dependencies
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Commit
      uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Install pnpm
      uses: pnpm/setup@77cf06832101b3ac8c65caaf76a21643936d07a4
      with:
        install: false
    - name: Audit
      run: pn audit